Nix / NixOS

26
 
 

A big part of why nix documentation is sub par. The essential tomes of nix - the nix manual, the nixos manual, the nixos options, the nixpkgs manual - each of these documents is just one long page.

They are the digital equivalent of scrolls, rather than books (codices?).

Rather than having a page number (or page link), one must unroll the scroll to the point of interest. One cannot simply flip between two points of interest. One cannot have bookmarks, or refer to page numbers. Ctrl-F is helpful, sure, but not great.

For instance, I was just looking for the documentation of the systemd.services. options. It's near the end of the colossally long scroll known as the Nixos Options Appendix. Ctrl-F on systemctl.services will get one million hits on all the myriad services nixos offers before you finally get to the relevant section. And if you do find that section (with single pixel movements of the scroll bar) and then ctrl-f, woe betide you, you're now at the top of the document and your place is lost!

27
 
 

Hi!

I've run into an issue with nix develop shells.

My setup:

  • Nix Darwin (macos)
  • Custom TLS certificates installed via nix darwin

Everything works as expected with the installed certificates, but as soon as I enter into a development shell with nix develop, the certificates are not available and thus, I get TLS errors that break whatever I'm doing in the dev shell. If I use an impure development shell, the issue disappears.

Is there a way to use pure nix develop shells which respect the installed certificates?

28
 
 

I had been struggling for a while to get CUDA on my main NixOS box for some ML programming. It seems there weren't any clear solutions in the NixOS forums, which just suggested suffering through painful build times. Here's my hacky, less Nix-y approach that takes ~5 minutes.

29
 
 

I followed the wiki on libvirt https://nixos.wiki/wiki/Libvirt and even set up the config for qemu for uefi but it isn't recognizing it I guess. Any ideas? Thanks

30
9
Changing Hardware config (programming.dev)
submitted 2 months ago* (last edited 2 months ago) by adept@programming.dev to c/nix@programming.dev
 
 

I want to change my hardware config from 2 btrfs partitions to 1 partition with subvolumes for root, /nix, /home, and maybe some others like /log.

I mainly want to optimize the /nix/store, and possibly be ready to integrate the impermanence module down the line.

What would be the easiest way to accomplish this without reinstalling or breaking too much?

Alternatively, I thought about using disko and nixos-install to overwrite my second disk.

Thank you

31
 
 

I'm using NixOS 24.05 on my ASUS Zenbook 14 and the scroll speed of the touchpad is rather high.

Is there any way to adjust it from the config? I don't see an option in gnome/wayland

32
 
 

This description is a repost of what was said about the project on the nix discourse

SkaraboxOS provides a flake template which combines:

  • Creating a bootable ISO, installable on a USB key.
  • nixos-anywhere to install NixOS headlessly.
  • disko to format the drives.
  • deploy-rs to deploy updates.

SkaraboxOS expects a particular hardware layout:

  • 1 SSD or NVMe drive for the OS.
  • 2 Hard drives that will store data. Capacity depends on the amount of data that will be stored. They will be formatted in Raid 1 (mirror) so each hard drive should have the same size.

WARNING: The 3 disks will be formatted and completely wiped out of data.

At the end of the process, the server will:

  • Have an encrypted ZFS root partition using the NVMe drive, unlockable remotely through ssh.
  • Have encrypted ZFS data hard drives.
  • Be accessible through ssh for administration and updates.

discourse post

33
34
28
Nix Release 2.24 (releases.nixos.org)
submitted 3 months ago by mac@programming.dev to c/nix@programming.dev
35
 
 

Hi! I would like to host a transparent proxy for cache.nixos.org on my local kubernetes cluster.

I took the following NGINX config https://nixos.wiki/wiki/FAQ/Private_Cache_Proxy and created all the folders on the mounted storage.

This is the kubernetes deployment:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: nix-cache-volume
spec:
  capacity:
    storage: 500Gi
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/k8s/nix-cache" # Needs to exist before the PV is created!
  persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nix-cache-pvc
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: manual
  resources:
    requests:
      storage: 500Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nix-cache
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nix-cache
  template:
    metadata:
      labels:
        app: nix-cache
        name: nix-cache
    spec:
      volumes:
        - name: nix-cache-storage
          persistentVolumeClaim:
            claimName: nix-cache-pvc
        - name: nix-cache-config
          configMap:
            name: nix-cache-config
      containers:
        - name: nix-cache
          image: nginx:1.27.0 
          ports:
            - containerPort: 80
          volumeMounts:
            - name: nix-cache-storage
              mountPath: /data
            - name: nix-cache-config
              mountPath: /etc/nginx/sites-available/default
          resources:
            limits:
              memory: "512Mi"
              cpu: "300m"
            requests:
              memory: "256Mi"
              cpu: "200m"
---
apiVersion: v1
kind: Service
metadata:
  name: nix-cache
spec:
  selector:
    app: nix-cache
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nix-cache-ingress
  annotations:
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  rules:
    - host: "nix-cache.raspi.home"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: nix-cache
                port:
                  number: 80
  tls:
    - secretName: nix-cache-raspi-home-tls
      hosts:
        - "nix-cache.raspi.home"
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: nix-cache.raspi.home
spec:
  commonName: nix-cache.raspi.home
  dnsNames:
    - "nix-cache.raspi.home"
  secretName: nix-cache-raspi-home-tls
  issuerRef:
    name: ca-issuer
    kind: ClusterIssuer
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nix-cache-config
data:
  nginx.conf: |
    server {
      listen 80;
      server_name nix-cache.raspi.home;

      location ~ ^/nix-cache-info {
        proxy_store        on;
        proxy_store_access user:rw group:rw all:r;
        proxy_temp_path    /data/nginx/nix-cache-info/temp;
        root               /data/nginx/nix-cache-info/store;

        proxy_set_header Host "cache.nixos.org";
        proxy_pass https://cache.nixos.org;
      }

      location ~^/nar/.+$ {
        proxy_store        on;
        proxy_store_access user:rw group:rw all:r;
        proxy_temp_path    /data/nginx/nar/temp;
        root               /data/nginx/nar/store;

        proxy_set_header Host "cache.nixos.org";
        proxy_pass https://cache.nixos.org;
      }
    }

To use the cache I added it to the substituters.

  nix.settings.substituters = [
    "https://nix-cache.raspi.home/"
  ];

But when I try to use it, I get the error:

# Trigger a download
nix develop nixpkgs#just
# Error message
warning: 'https://nix-cache.raspi.home' does not appear to be a binary cache

In the logs of the NGINX I see the following error:

2024/08/03 12:09:30 [error] 31#31: *3 open() "/usr/share/nginx/html/nix-cache-info" failed (2: No such file or directory), client: 10.42.2.7, server: localhost, request: "GET /nix-cache-info HTTP/1
10.42.2.7 - - [03/Aug/2024:12:09:30 +0000] "GET /nix-cache-info HTTP/1.1" 404 153 "-" "curl/8.8.0 Nix/2.18.5" "10.42.2.1"
10.42.2.7 - - [03/Aug/2024:12:09:30 +0000] "PUT /nix-cache-info HTTP/1.1" 405 157 "-" "curl/8.8.0 Nix/2.18.5" "10.42.2.1"

Any ideas what's wrong? I'm neither a nix nor an nginx expert, so maybe it is something really simple but I cannot figure it out.

36
4
submitted 3 months ago* (last edited 3 months ago) by areyouevenreal@lemm.ee to c/nix@programming.dev
 
 

I am having audio issues on NixOS. I have tried enabling all firmware. I've also tried both pipewire and pulseaudio. The audio is confirmed working on CachyOS live image.

Here is the error message found in the system log:

`Aug 01 01:43:19 nixos kernel: sof-audio-pci-intel-tgl 0000:00:1f.3: error: sink MIXER1.0g623.1 not found

Aug 01 01:43:19 nixos kernel: skl_hda_dsp_generic skl_hda_dsp_generic: ASoC: topology: add_route failed: -22

Aug 01 01:43:19 nixos kernel: skl_hda_dsp_generic skl_hda_dsp_generic: ASoC: topology: could not load header: -22

Aug 01 01:43:19 nixos kernel: sof-audio-pci-intel-tgl 0000:00:1f.3: error: tplg component load failed -22

Aug 01 01:43:19 nixos kernel: sof-audio-pci-intel-tgl 0000:00:1f.3: error: failed to load DSP topology -22

Aug 01 01:43:19 nixos kernel: sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_component_probe on 0000:00:1f.3: -22

Aug 01 01:43:19 nixos kernel: skl_hda_dsp_generic skl_hda_dsp_generic: ASoC: failed to instantiate card -22

Aug 01 01:43:19 nixos kernel: skl_hda_dsp_generic skl_hda_dsp_generic: probe with driver skl_hda_dsp_generic failed with error -22`

Here is configuration.nix

37
 
 

I created a hyprland and waybar configuration using nix, and neither seems to actually apply. Why is this happening?

https://pastebin.com/01z6BiCj

38
 
 

Does anybody know if there is a website or resource that has NixOS modules you can include in your config?

39
 
 

This is my first FOSS code project. If anyone has any constructive suggestions for improvement, please let me know.

https://github.com/guttermonk/waybar-nixos-updates

40
 
 

I am just setting up my NixOS config for the first time, and I know that it will be fairly complex. I know it will only be possible and scalable if I have sane conventions.

I have read a number of example configs, but there does not seem to be consistent conventions between them of where to store custom option declarations, how to handle enabling/disabling modules, etc. They all work, but they do it in different ways.

Are there any official or unofficial conventions/style guides to NixOS config structure, and where can I find them?

For example, should I make a lib directory where I put modules that are easily portable and reusable in other people's configs? When should I break modules up into smaller ones? Etc. These are things that I hope to be addressed.

41
 
 

So I started using nixos as a daily driver several months ago.

At first it was nice using the live disk to install it. I really liked the options you could choose. The only thing it misses is the information that it will install systemd bootloader and I don't have the option to install grub2.

Then when I used it I had to learn that I needed to switch my flatpaks back to the system packages since nix had almost all of them too. And nix packages work better in nix. Even though flatpak is sandboxed sth. in nixos makes some of them break.

I could usually install my software just by using the existing packages, but if not available I started learning nix-shell and nix in general.

This is when I realised I can't recommend nixos to normal people. If for any reason you need to install sth. that is not in the packages you are fucked. Usually it is easier to get a docker running than to learn nixos and setup a working nix-shell. However once you have a nix-shell to compile some c program you definitely have a deeper understanding of nixos and the program.

I often break my systems by tinkering around. So this was a great experience in nixos since I could go back several generations to a working one and continue from there.

However the last weeks I managed to break nixos! Even going back several generations didn't help. Probably going back several weeks may have worked, but I decided to reinstall instead.

So my problem was basically that I updated from 23.11 to 24.05.

I wanted to update since I was on unstable for razer stuff since I need current drivers.

However once I managed to get the update working I wasn't able to log in to x11 anymore and Wayland seems inperformant in gaming. I also have other issues with Wayland.

The next thing was that I wanted to use an amd gpu for gpu-passthrough in a vm and therefore had a Nvidia and amd gpu present. However the system booted into the amd gpu and only after login switched to the Nvidia one.

If I blacklisted the drivers of amd I would not get a sddm log in screen anymore. Nothing I did fixed that. Removing the amd gpu didn't help. Going back to the nouveau drivers worked but I couldn't use them since they are broken as well.

After tinkering around a lot I finally decided to reinstall the current nixos image.

So live image it is again. Automatically loads Wayland. If I assume correctly with nouveau drivers. I installed everything however during the installation process the gui broke. (Wayland and nouveau don't work well I guess. Fuck Nvidia) And even though through tty I could see when it was finished I couldn't boot into the system.

So I rebooted the live disk and then logged out, switched to x11 and reinstalled again. This time it worked. I then used my old configuration and only updated to plasma6 since I already installed that on the new installation.

And to my surprise it just worked. Everything was like before. X11 working and so on.

So while I managed to break nixos it is in fact just as easy to reinstall again and configure like before.

42
 
 

Hi, I am considering switching to NixOS and I was wondering what level of hassle I should expect for gaming.

I have been using linux for about 10 months so I don't know a lot yet. I am wondering if it is worth it to try gaming on Nix or if it is going to be way too much of a headache considering my limited knowledge.

I've had wildly different experiences trying gaming on different distros, and very differently from what I expected. It went from fine for a weird niche distro (antiX), to really awful for a distro supposedly "easy" and "good for gaming" (Manjaro 😑), to absolutely amazing gaming distro (Nobara), and finally to surprisingly good for a "don't try unless you are a Level 99 Tech Wizard dual-classed Zen Master you idiot" distro (Arch). So I really have no clue what to expect from Nix.

I really like Arch but my main issue is that I keep forgetting what I have already configured and how and with which settings, or I leave stuff partially configured because adhd then I forget it wasn't finished and where I was at, so using config files instead sounds insanely more convenient and I've been wanting to try Nix for a while.

I'd be really glad for anyone willing to share their experience of gaming on Nix 🙂

43
 
 

I have started using NixOS recently and I am just now creating conventions to use in my config.

One big choice I need to make is whether to include a unique identifier as the most significant attribute in any options that I define for my system.

For example:

Let's say I am setting up my desktop so that I am easily able to switch between light and dark modes system-wide. Therefore, I create the boolean option:

visuals.useDarkMode

Let's say I also want to toggle on/off Tor and other privacy technologies all at once easily, so I create the boolean:

usePrivateMode

Although these options do not do related things, they are still both custom options that I have made. I have the first instinct to somehow segregate them from the builtin NixOS options. Let's say my initials are "RK". I could make them all sub-attributes of the "RK" attribute.

rk.visuals.useDarkMode

rk.usePrivateMode

I feel like this is either a really good idea or an antipattern. I would like your opinions on what you think of it and why.

44
 
 

I'm working through some necessary issues in VMs as I work towards dropping Windows, but it occurred to me that I should pick a distro my non-techy partner could use in the event that something catastrophic happens to me. I really like the declarative/immutable distros, but perhaps something more traditional with btrfs snapshots would be better suited to such a use case...?

It's no secret that NixOS has a steep learning curve, but do any of you share a NixOS PC with family/partners/etc.? If so, what has that experience been like? Could they take over admin if you were incapacitated?

45
46
47
 
 

If given the option, which route do you go? I have services running in both, and I'll often just do what's easier. I don't really notice a difference in performance; the configuration for containers is simple enough I don't mind it.

I also wish there was a nix function that parsed a docker compose and used it for the oci-container config. Then I could use my existing compose files or the ones I find in docs online.

48
9
submitted 4 months ago* (last edited 4 months ago) by TeaTastic@lemmy.world to c/nix@programming.dev
 
 

I'm attempting to configure an anonymized DNS service using dnscrypt-proxy2, routed through the Tor network. I believe I have everything needed for it to work, but that does not seem to be the case. The DNS resolution is fine, but it's not being proxied through Tor as desired.

 services.resolved.enable = false;
 services.dnscrypt-proxy2 = {
   enable = true;
   settings = {
     ipv6_servers = config.networking.enableIPv6;
     block_ipv6 = !(config.networking.enableIPv6);
     listen_addresses = ["127.0.0.1:53" "[::1]:53"];
     force_tcp = true;

     use_syslog = false;
     odoh_servers = true;
     require_dnssec = true;
     require_nolog = false;
     require_nofilter = true;

     anonymized_dns = {
       routes = [
         {
           server_name = "*";
           via = ["anon-plan9-dns" "anon-v.dnscrypt.up-ipv4"];
         }
       ];
       skip_incompatible = true;
     };

     sources.public-resolvers = {
       urls = [
         "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
         "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
       ];
       cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
       minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
     };

     block_unqualified = true;
     block_undelegated = true;
     proxy = "socks5://127.0.0.1:9050";
   };
 };

 systemd.services.dnscrypt-proxy2.serviceConfig = {
   StateDirectory = "dnscrypt-proxy";
 };
  networking = {
    useDHCP = false;
    enableIPv6 = true;
    nameservers = [
      "127.0.0.1"
      "::1"
    ];
    networkmanager.enable = true;
    networkmanager.dns = "none";
  };
  services.tor = {
    enable = true;
    enableGeoIP = false;
    torsocks.enable = true;
    client = {
      enable = true;
    };
  };
49
 
 

This idea is inspired by nixos-mailserver. It was so easy to spin up the mailserver after changing some DNS records and putting in some settings. I thought it might be a good idea to do the same for services that need public, decentralized infrastructure to support. Some ideas include

  • Tor relay, or exit node
  • Encrypted messaging nodes. It looks like SimpleX chat relies on SMP servers to relay communication
  • Crypto miners (I know, I know, but you understand how it fits the “public contribution” usecase)
  • Search engines like searxng (I currently use a public instance)
  • Libredirect services, like proxy clients for social media

Maybe federated services, but those require more than just the software running on the public internet. Those require moderation and long term maintenance. Ideally, the services in this config would be ephemeral.

Does this sound like a good idea? Would you spin one of these up on a $10 VPS? I understand that this is the NixOS community, not necessarily the privacy community, but I figured there'd be overlap.

What other services do you think would be applicable?

50
 
 

I want to install a package. I look up the package here https://search.nixos.org/packages? I can find multiple versions: two that sound right, two that sound like rubbish and one that is a plugin for something. How do I decide which of the two good sounding packages I should choose? What if the package, or even both, do not work? How do I know that it is up to date? How do I know that it will be updated in a timely manner? Can I update it?
